Do you mean the final Perl output sent to the user? No. A browser sees no difference if it receives its content from a static page or dynamic program. So this is no different from trynig to hide your source for any other page, which cannot be done.
And also very easily recoverable. All someone would have to do is change document.write to someTextArea.value (generally speaking) to see the results. It also makes your page *completely* dependent on the user having scripting enabled.
Yes, because whatever output leech.cgi?decrypt produces gets sent to the user, otherwise their browser can't run it. This is why nothing client-side can be kept secure, whether it be markup, programming, text, or images.